Directory listing in Apache is provided by the AutoIndex module. If enabled, Apache will show the list of files and folders if no DirectoryIndex files are present in a particular path or folder.

Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.

It's a handy feature for sure but you might want to disable directory browsing for security or any other other reasons.

Automated directory index for Apache could be disabled by disabling mod_autoindex altogether, set appropriate options in Apache configuration file or by using htaccess file.

If you're hosting on platforms such as cPanel, you can use platform-specific methods to disable Apache's directory listing

How to disable Apache directory listing in cPanel

Methods to disable directory listing in Apache:

Method 1: Disable Apache directory listing by disabling autoindex module

The easiest way is probably to disable the autoindex module entirely and disabling the module would affect all the sites hosted on the server.

  1. Launch your preferred terminal application
  2. Disable autoindex module for Apache. 
    $ sudo a2dismod --force autoindex # Ubuntu, Debian and SUSE
Module autoindex disabled.
To activate the new configuration, you need to run:
  systemctl restart apache2
    • Distributions with a2dismod support can simply run the command above without having to manually disable the required modules.
    • LoadModule directive for the corresponding autoindex module need to be manually disabled by removing or commenting (by adding # at the beginning) the line in the configuration file.

    How to enable or disable Apache modules

    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2dismod support yes yes no no no no
    Modules to uninstall none
    Module name n/a autoindex
    Loadmodule directive n/a #LoadModule autoindex_module <module_locations>/mod_autoindex.so
  3. Restart Apache for the changes to take effect.

    How to start, restart and stop Apache service

Method 2: Disable Apache directory listing via Directory's Options directive

You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.

Steps to disable Apache directory listing:

  1. Open Apache's configuration file using your preferred text editor. 
    $ sudo vi /etc/apache2/other/mysite.conf

    The configuration could be set globally or from within VirtualHost configuration.

    Location for Apache VirtualHost configuration files

  2. Add -Indexes to Options directive for required directory. 
    <Directory /var/www/mysite>
    Options -Indexes
</Directory>

    Notice that it's -Indexes and not +Indexes

  3. Restart Apache for the changes to take effect.

    How to start, restart and stop Apache service

Method 3: Disable Apache directory listing using .htaccess

If you don't have administrator access to the system or just want to easily manage directory listing on per-directory basis, you can use the above Options -Indexes directive in htaccess files.

  1. Open or create htaccess file on the directory that you wnt to disable listing using your preferred text editor. 
    $ sudo vi /var/www/mysite/.htaccess
  2. Add -Indexes to Options directive in the htaccess file. 
    Options -Indexes

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)
Discuss the article:

Comment anonymously. Login not required.

author: shakir
Share!